Shon Harris

Spammer, Mail List Fail and CISSP Superstar

Wed Sep 8 14:04:19 CDT 2010

a tale by jericho



shon harris A couple years back, I received spam from Logical Security advertising a CISSP guide book and training. As with any spam that contains an unsubscribe link, I actually use them because it can't hurt since I am on every spam list out there. Almost two years later, I get a second spam from Logical Security, this time from 'Shon Harris', the president. More advertising for CISSP crap, and the mail even confirms my subscription address which I basically never use to sign up to mail lists or web sites. It was clear that she had re-added me after I removed myself from the first spam list.

This type of bulk e-mailing is amusing as the CISSP Code of Ethics specifically says "Act honorably, honestly, justly, responsibly, and legally." Just another spammer, I figured. Jump to August of 2010 and Shon pops up again, this time looking to unsubscribe from a mail list she previously joined. Of course, being the very helpful person I am, I replied and pointed her to the information she needed. This lead to a fun mail thread between Shon and myself, with one of her fangirls Kristy Seaton jumping in the fray.

The highlight of this thread, was Ray Kaplan calling me prickly. Big <3 to him for that!

From: shonharris (shonharris@logicalsecurity.com)
To: securitymetrics
Date: Wed, 18 Aug 2010 18:28:33 -0500
Subject: RE: [securitymetrics] Metricon 5.5 - Call for a Final Decision

Hi - I have asked to get off this distribution list several times now.

Please take me off this list

Shon Harris
President
Logical Security
Phone: (888) 373-5116
On GSA Contract # GS35F0221S
Email: ShonHarris@LogicalSecurity.com

This transmission is intended for the sole use of the individual and/or
entity to whom it is addressed, and may contain information and/or
attachments that are privileged, confidential and exempt from disclosure
under applicable law. If the reader of this transmission is not the intended
recipient, you are hereby notified that any disclosure, dissemination,
distribution, duplication or the taking of any action in reliance on the
contents of this transmission by someone other than the intended addressee
or its designated agent is strictly prohibited. If your receipt of this
transmission is in error, please notify the sender by replying immediately
to this transmission and destroy the transmission. 

From: security curmudgeon (jericho[at]attrition.org)
To: shonharris (shonharris@logicalsecurity.com)
Cc: securitymetrics
Date: Wed, 18 Aug 2010 20:10:55 -0500 (CDT)
Subject: RE: [securitymetrics] Metricon 5.5 - Call for a Final Decision


On Wed, 18 Aug 2010, shonharris wrote:

: Hi - I have asked to get off this distribution list several times now.
:
: Please take me off this list

Every single mail to the list has simple unsubscribe instructions at the
bottom. In fact, your atrocious quoting of the entire thread has four
mentions of how you can remove yourself from the list.

Any CISSP trainer should be able to figure this out.


: :::  To unsubscribe, send a message with 'unsubscribe' in the message
: ::: body to: discuss-request[at]securitymetrics.org.

: :: To unsubscribe, send a message with 'unsubscribe' in the message body
: :: to: discuss-request[at]securitymetrics.org.

: To unsubscribe, send a message with 'unsubscribe' in the message body to:
: discuss-request[at]securitymetrics.org.

: To unsubscribe, send a message with 'unsubscribe' in the message body to: 
: discuss-request[at]securitymetrics.org.


From: shonharris (shonharris@logicalsecurity.com)
To: 'security curmudgeon' (jericho[at]attrition.org)
Cc: securitymetrics
Date: Wed, 18 Aug 2010 20:49:42 -0500
Subject: RE: [securitymetrics] Metricon 5.5 - Call for a Final Decision

Wow - feel the love

I have submitted requests to get off of it - you don't have to be so mean -
Jesus

Shon Harris
President
Logical Security
Phone: (888) 373-5116
On GSA Contract # GS35F0221S
Email: ShonHarris@LogicalSecurity.com

["legal" block of spew removed]


From: Kristy Seaton (Kristy.Seaton@standard.com)
To: "'shonharris@logicalsecurity.com'" (shonharris@logicalsecurity.com), "'jericho@attrition.org'" (jericho[at]attrition.org)
Cc: securitymetrics
Date: Thu, 19 Aug 2010 02:45:26 +0000
Subject: Re: [securitymetrics] Metricon 5.5 - Call for a Final Decision

Security Curmudgeon that was completely uncalled for and unprofessional.

[previous two entire mails removed]


From: security curmudgeon (jericho[at]attrition.org)
To: Kristy Seaton (Kristy.Seaton@standard.com)
Date: Wed, 18 Aug 2010 22:10:20 -0500 (CDT)
Subject: Re: [securitymetrics] Metricon 5.5 - Call for a Final Decision

On Thu, 19 Aug 2010, Kristy Seaton wrote:

: Security Curmudgeon that was completely uncalled for and unprofessional.

It was called for, and certainly rude. I'll grant you that.

"Unprofessional" is whining to the list about being subscribed, when the
clear unsubscribe instructions are on every mail. Unprofessional is Shon
sending unsolicted bulk mail advertising her company to parties that did
not opt in for her list (i.e., spam). She seems to have serious problems
when it comes to 'mail' and etiquette.

Please, make sure you scold her too.

http://attrition.org/errata/spam/logicalsecurity.com-spam01.htm
http://attrition.org/errata/spam/logicalsecurity.com-spam02.html

Our industry needs more honesty, more integrity and less playing nice out
of some silly sense of obligation to each other, just for the sake of
being nice when it isn't necessarily warranted. You can stick with fluffy
words, i'll stick with honesty and integrity. Deal?

Now, in the interest of keeping the list free of unsubscribe requests and
further banter, please take your future scolding of me and Shon off-list.
Keep the list on topic so everyone can enjoy it.


From: Kristy Seaton (Kristy.Seaton@standard.com)
To: "'jericho[at]attrition.org'" (jericho[at]attrition.org)
Date: Thu, 19 Aug 2010 03:18:35 +0000
Subject: Re: [securitymetrics] Metricon 5.5 - Call for a Final Decision

Deal


It turns out, Kristy is a fan of Shon and her work, giving her CISSP book four out of four stars. Kristy "loves how she writes, adding funny remarks to tough topics" which "makes it a lighter read". Yes, those CISSP topics are tough, and without humor, I am not sure how anyone could get through them.

From: shonharris (shonharris@logicalsecurity.com)
To: jericho[at]attrition.org
Date: Wed, 18 Aug 2010 21:59:52 -0500
Parts/Attachments:
   1.1   Shown     14 lines  Text
   1.2     OK    ~129 lines  Text
   2       OK      25 KB     Message, "unsubscribe"
   2.1.1 Shown     34 lines  Text
   2.1.2   OK    ~198 lines  Text
   2.2             11 KB     Image
   3       OK      25 KB     Message, "unsubscribe"
   3.1.1 Shown     34 lines  Text
   3.1.2   OK    ~198 lines  Text
   3.2             11 KB     Image
   4       OK      25 KB     Message, "unsubscribe"
   4.1.1 Shown     34 lines  Text
   4.1.2   OK    ~198 lines  Text
   4.2             11 KB     Image
----------------------------------------

Any more questions?

Guess you need to be a CISSP trainer to figure that some times when a person
submits a request to unsubscribe from a list it may not work .

Let me know if any of this is confusing to you


From: security curmudgeon (jericho[at]attrition.org)
To: shonharris (shonharris@logicalsecurity.com)
Date: Thu, 19 Aug 2010 18:32:38 -0500 (CDT)
Subject: Re: your mail


On Wed, 18 Aug 2010, shonharris wrote:

: Any more questions?

Why yes!

1. Why the stupid "legal" signature block that has absolutely no case law
(or logic) to back it?

2. Did you consider that three requests in a 24 hour period may mean the
moderator was possibly away from e-mail that day?

3. How do you sleep at night, knowing you are in violation of your beloved
CISSP Code of Ethics?

4. How can you really bitch about unsubscribing, when you don't honor
unsubscribe requests for your own mail lists? Isn't there some level of
hypocrisy that begins to bother you?

: Guess you need to be a CISSP trainer to figure that some times when a
: person submits a request to unsubscribe from a list it may not work .

And said CISSP trainer may need to read up on mail list administration to
learn that not all requests are automatic, that some go to the moderator
queue for manual approval.

: Let me know if any of this is confusing to you

Only thing confusing me is how you think you are relevant in the security
industry.

Thanks for any insight!


From: security curmudgeon (jericho[at]attrition.org)
To: shonharris (shonharris@logicalsecurity.com)
Date: Thu, 19 Aug 2010 18:57:39 -0500 (CDT)
Subject: Re: your mail


Oh, one more thing..

: Any more questions?

Did you actually READ the unsubscribe instructions? I am guessing no,
since it said to put "unsubscribe" in the body of the mail. All three of
yours put it in the subject instead, which is likely why it got stuck in a
moderator queue (or discarded).

All three of your mails look something like this:

From: shonharris (shonharris@logicalsecurity.com)
To: discuss-request[at]securitymetrics.org
Date: Wed, 18 Aug 2010 06:50:02 -0500
Subject: unsubscribe



Shon Harris
President

[..]

: Guess you need to be a CISSP trainer to figure that some times when a
: person submits a request to unsubscribe from a list it may not work .

I guess a CISSP trainer could use some brushing up on e-mail, specifically
header versus body.

: Let me know if any of this is confusing to you

I am confused why you haven't read up on e-mail. Pro tip in case you need
it: http://www.dummies.com/how-to/content/write-and-send-an-email.html


From: shonharris (shonharris@logicalsecurity.com)
To: 'security curmudgeon' (jericho[at]attrition.org)
Date: Thu, 19 Aug 2010 20:29:53 -0500
Subject: RE: your mail

Grow up and get a life

Petty and pathetic


From: shonharris (shonharris@logicalsecurity.com)
To: 'security curmudgeon' (jericho[at]attrition.org)
Date: Thu, 19 Aug 2010 20:30:46 -0500
Subject: RE: your mail

You can't see it but I am holding up a finger for you

Lovely 'talking' with you


From: security curmudgeon (jericho[at]attrition.org)
To: shonharris (shonharris@logicalsecurity.com)
Date: Thu, 19 Aug 2010 20:41:46 -0500 (CDT)
Subject: RE: your mail


On Thu, 19 Aug 2010, shonharris wrote:

: Grow up and get a life

Wow, you are entirely predictable.

: Petty and pathetic

Petty, yep, I can agree there. Fun too.

Pathetic though, I would disagree and say that adjective is more
appropriate for you. Wasting your life with a bullshit certification that
you clearly demonstrate means nothing, unable to remove yourself from a
mail list, all the while being a spammer.

Finally, I notice that you asked if I had more questions, and I did.. yet
you refuse to answer them. If you were relevant, you'd be destined for the
Errata Charlatans page. Instead, I think you will probably just end up on
the Postal Asshats page.

http://attrition.org/postal/asshats/

Come on.. just admit it, give me the truth in your own words. You screwed
up, you did not unsubscribe in the way as directed by the repeated
messages. You got called on it, and instead of owning up to your simple
screw-up, you resorted to the age-old "get a life" argument when you were
proven wrong.

Shallow, predictable and petty seems to sum you up. Eagerly awaiting your
"i'm rubber you're glue.." retort.


From: shonharris (shonharris@logicalsecurity.com)
To: 'security curmudgeon' (jericho[at]attrition.org)
Date: Fri, 20 Aug 2010 08:31:50 -0500
Subject: RE: your mail

I don't even know you?

Why are you ragging on me?

This has gotten out of hand.

I never said I had industry relevance - I just wrote some books and do some
training. No big deal. Why are you putting so much energy into going after
my jugular?

Let's just let this go.

I look forward to meeting you at a conference one day and you can tell me in
person how much you think I suck! Haha :)

I am not what you are making me out to be - give me a break on this.


Have a good day and go look for someone else to pick on! Haha :)

Shon Harris
President
Logical Security
Phone: (888) 373-5116
On GSA Contract # GS35F0221S
Email: ShonHarris@LogicalSecurity.com

This transmission is intended for the sole use of the individual and/or
entity to whom it is addressed, and may contain information and/or
attachments that are privileged, confidential and exempt from disclosure
under applicable law. If the reader of this transmission is not the intended
recipient, you are hereby notified that any disclosure, dissemination,
distribution, duplication or the taking of any action in reliance on the
contents of this transmission by someone other than the intended addressee
or its designated agent is strictly prohibited. If your receipt of this
transmission is in error, please notify the sender by replying immediately
to this transmission and destroy the transmission. 


Who said I have to have the last word..

From: Ray Kaplan (ray[at]rayk.com)
To: shonharris (shonharris@logicalsecurity.com)
Cc: 'security curmudgeon' (jericho[at]attrition.org), securitymetrics
Date: Thu, 19 Aug 2010 16:47:00 -0500
Subject: RE: [securitymetrics] Metricon 5.5 - Call for a Final Decision

Not to worry. That is just him being his prickly self.

Then again, it may be that you can sign up for this list, but you might not 
be able to ever leave...

RayK


Ray is a cool cat, we like him.


main page ATTRITION feedback